<?php
namespace app\index\controller;
use think\Loader;
use \think\Request;
use think\Db; 
class Check extends \think\Controller
{

	public function login(){  	
		$this->view->engine->layout(false);
		return $this->fetch();
	}

	public function login_check(){
		
		if(empty($_POST['username'])||empty($_POST['pwd'])){
			$this->error('登陆失败');
		}
		$username=trim($_POST['username']);
		$pwd=trim($_POST['pwd']);
		$this->inject_check($username);
		$this->inject_check($pwd);
		$sql="username ='".addslashes($username)."' and pwd='".md5(addslashes($pwd))."' and status=0";
		$goodsObj=Db::name('category');
		$data=$goodsObj->where($sql)->find();			

		if($data){
			$_SESSION['admin_id']=$data['id'];
			$_SESSION['admin_name']=$data['username'];
			$_SESSION['branch_name']=$data['name'];
		    $this->redirect('/index');
		    
		}else{
			$this->error('帐号或密码错误');
		}
	}

	public function logout(){
		session_destroy();
		$this->redirect('/Index/index/login');
	}

	public function inject_check($Sql_Str) {//自动过滤Sql的注入语句。
		$check=preg_match('/select|insert|update|delete|\'|\\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i',$Sql_Str);
		if ($check) {
			exit();
		}
	}

}
